CVE-2019-20022Operation on a Resource after Expiration or Release in Project Libsixel

CWE-672Operation on a Resource after Expiration or Release6 documents5 sources
Severity
6.5MEDIUMNVD
OSV9.8
EPSS
0.4%
top 40.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libsixel Project Libsixel
Timeline
PublishedDec 27
Latest updateMay 24

Description

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianlibsixel_project/libsixel< 1.8.6-1+3

🔴Vulnerability Details

4
GHSA
GHSA-86j3-8qqw-575j: An invalid memory address dereference was discovered in load_pnm in frompnm2022-05-24
OSV
italc vulnerabilities2020-09-28
OSV
CVE-2019-20022: An invalid memory address dereference was discovered in load_pnm in frompnm2019-12-27
CVEList
CVE-2019-20022: An invalid memory address dereference was discovered in load_pnm in frompnm2019-12-27

📋Vendor Advisories

1
Debian
CVE-2019-20022: libsixel - An invalid memory address dereference was discovered in load_pnm in frompnm.c in...2019
CVE-2019-20022 — Project Libsixel vulnerability | cvebase